

<?php 
include_once('db_connect.php');
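// Route the requested action to its handler.
//
// Only genuine POST requests are dispatched: isset($_POST) is always true
// (superglobals always exist), so the original guard filtered nothing, and a
// missing 'action' key raised an undefined-index notice. A request without a
// recognised action falls through and does nothing, as before.
//
// NOTE(review): no CSRF token and no session check happen here; both handlers
// take the target user id from the request body. Whatever authenticates the
// user (not visible in this file) should run before this dispatch.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
	$action = $_POST['action'] ?? '';

	switch ($action) {
		case 'changepass':
			ChangePass();
			break;

		case 'updateinfo':
			ChangeInfo();
			break;

		default:
			// Unknown or missing action: nothing to do.
			break;
	}
}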

// Change password
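// Change password
//
// Reads id / oldpass / newpass from $_POST, checks that the old password
// matches USER.PassWord for that id, and replaces it with the new one.
// Echoes a short status line; returns true on success, false otherwise.
//
// NOTE(review): $id is taken from the request body, so any client can name
// any account and the old-password check is the only barrier. The caller
// should derive the user id from the authenticated session instead of
// trusting $_POST['id'] -- the session layout is not visible in this file.
function ChangePass() {

	$id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT);
	$old = (string) ($_POST['oldpass'] ?? '');
	$new = (string) ($_POST['newpass'] ?? '');

	// Reject incomplete requests up front instead of hashing '' or binding a
	// non-numeric id (which mysqli would silently coerce to 0).
	if ($id === false || $old === '' || $new === '') {
		echo "Missing id, old password or new password.";
		return false;
	}

	// USER.PassWord holds md5 hex digests (the SELECT/UPDATE below read and
	// write it as such), so both inputs are digested the same way to stay
	// compatible with whatever login code verifies PassWord. md5 is not a
	// password hash: TODO(security) migrate the column to password_hash() /
	// password_verify() together with the login path, then drop these calls.
	$oldDigest = md5($old);
	$newDigest = md5($new);

	$connect = new Connect();
	$mysqli = $connect->getMysqli();

	$prSelect = $mysqli->prepare("SELECT PassWord FROM USER WHERE UserID = ?");
	if (!$prSelect) {
		// Driver errors describe the schema; log them, never echo them.
		error_log("ChangePass prepare failed: ({$mysqli->errno}) {$mysqli->error}");
		echo "Change password failed.";
		return false;
	}

	$prSelect->bind_param('i', $id);
	if (!$prSelect->execute()) {
		error_log("ChangePass execute failed: ({$prSelect->errno}) {$prSelect->error}");
		$prSelect->close();
		echo "Change password failed.";
		return false;
	}

	// fetch_assoc() yields null when no row matched; treat that like a wrong
	// password rather than reading an index off null.
	$row = $prSelect->get_result()->fetch_assoc();
	$prSelect->close();
	$stored = $row['PassWord'] ?? null;

	// hash_equals() is a strict, constant-time comparison. The original `!=`
	// compared two hex strings loosely, which treats digests of the form
	// "0e<digits>" as equal numbers (the md5 "magic hash" bypass) and leaks
	// timing.
	if (!is_string($stored) || !hash_equals($stored, $oldDigest)) {
		echo "old pass is incorrect";
		return false;
	}

	$prUpdate = $mysqli->prepare("UPDATE USER SET PassWord = ? WHERE UserID = ?");
	if (!$prUpdate) {
		error_log("ChangePass prepare failed: ({$mysqli->errno}) {$mysqli->error}");
		echo "Change password failed.";
		return false;
	}

	$prUpdate->bind_param('si', $newDigest, $id);
	$ok = $prUpdate->execute();
	if (!$ok) {
		// The original reported $prSelect's error here, i.e. the wrong statement.
		error_log("ChangePass update failed: ({$prUpdate->errno}) {$prUpdate->error}");
	}
	$prUpdate->close();

	if (!$ok) {
		echo "Change password failed.";
		return false;
	}

	// Message text kept verbatim (including the typo) in case a client matches on it.
	echo "Change password succcessful.";
	return true;
}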

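// Returns true if USERDETAIL already has a row for $id, false if it does not,
// and null when the lookup itself failed (the driver error goes to the log).
function UserDetailExists($mysqli, $id) {
	$prSelect = $mysqli->prepare("SELECT UserID FROM USERDETAIL WHERE UserID = ?");
	if (!$prSelect) {
		error_log("ChangeInfo prepare failed: ({$mysqli->errno}) {$mysqli->error}");
		return null;
	}

	$prSelect->bind_param('i', $id);
	if (!$prSelect->execute()) {
		error_log("ChangeInfo execute failed: ({$prSelect->errno}) {$prSelect->error}");
		$prSelect->close();
		return null;
	}

	// Presence of a row is the test; the original compared the UserID value
	// loosely against null, which would misreport an id of 0 as absent.
	$row = $prSelect->get_result()->fetch_assoc();
	$prSelect->close();
	return $row !== null;
}

// Prepares and runs one write statement with the given bind types and values.
// Returns whether it succeeded; driver errors are logged, never echoed.
function RunUserDetailWrite($mysqli, $sql, $types, array $params) {
	$stmt = $mysqli->prepare($sql);
	if (!$stmt) {
		error_log("ChangeInfo prepare failed: ({$mysqli->errno}) {$mysqli->error}");
		return false;
	}

	// $params is a local array, so unpacking it satisfies bind_param's
	// by-reference parameters.
	$stmt->bind_param($types, ...$params);
	$ok = $stmt->execute();
	if (!$ok) {
		error_log("ChangeInfo execute failed: ({$stmt->errno}) {$stmt->error}");
	}
	$stmt->close();
	return $ok;
}

// Create or update the USERDETAIL row for the user id in $_POST['id'].
//
// Inserts when no row exists yet, otherwise updates the profile columns.
// Echoes a short status line; returns true on success, false otherwise.
//
// Fixes relative to the original: it referenced $this->mysqli inside a plain
// function (a fatal "not in object context" error on the INSERT path), the
// INSERT listed 12 columns but 13 placeholders, and the UPDATE bound an
// undefined $destroy variable.
//
// NOTE(review): as in ChangePass, the target id comes from the request body
// with no session check, so any client can overwrite any user's details.
function ChangeInfo() {

	$id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT);
	if ($id === false) {
		echo "Missing or invalid user id.";
		return false;
	}

	// Profile fields in column order (DesYourSelf .. Tel); a field absent from
	// the request binds as NULL, as before.
	$profile = [
		$_POST['ta'] ?? null,
		$_POST['firstname'] ?? null,
		$_POST['lastname'] ?? null,
		$_POST['birthday'] ?? null,
		$_POST['gender'] ?? null,
		$_POST['nickname'] ?? null,
		$_POST['address'] ?? null,
		$_POST['shelteradd'] ?? null,
		$_POST['highschool'] ?? null,
		$_POST['university'] ?? null,
		$_POST['cellphone'] ?? null,
	];

	// Bind types for the 11 profile values. Gender stays an int as in the
	// original; Tel is bound as a string in both statements so phone numbers
	// keep leading zeros / '+', matching the original INSERT (the original
	// UPDATE bound it as 'i', which would truncate such values).
	$profileTypes = 'ssssissssss';

	//Connect to database and get mysqli object.
	$connect = new Connect();
	$mysqli = $connect->getMysqli();

	$exists = UserDetailExists($mysqli, $id);
	if ($exists === null) {
		echo "Update failed.";
		return false;
	}

	if (!$exists) {
		$sql = "INSERT INTO USERDETAIL
				(UserID, DesYourSelf, FirstName, LastName,
					BirthDay, Gender, NickName, Address, ShelterAdd,
					HighSchool, University, Tel)
				VALUES
				(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
		$params = array_merge([$id], $profile);
		$ok = RunUserDetailWrite($mysqli, $sql, 'i' . $profileTypes, $params);
	} else {
		// Destroy is no longer touched here: the request carries no such field
		// and the INSERT never sets it; the original bound an undefined
		// variable, which reset the column to NULL on every save. If clearing
		// it on save is actually intended, bind an explicit value here.
		$sql = "UPDATE USERDETAIL
				SET
					DesYourSelf = ?,
					FirstName = ?,
					LastName = ?,
					BirthDay = ?,
					Gender = ?,
					NickName = ?,
					Address = ?,
					ShelterAdd = ?,
					HighSchool = ?,
					University = ?,
					Tel = ?
				WHERE
					UserID = ?";
		$params = array_merge($profile, [$id]);
		$ok = RunUserDetailWrite($mysqli, $sql, $profileTypes . 'i', $params);
	}

	if (!$ok) {
		echo "Update failed.";
		return false;
	}

	echo "Successful";
	return true;
}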
?>